Messages - mvdheijkant

#1
So I figured it out:
Copilot first suggested using the request URL "/generic-webhook-trigger/invoke?token=mytoken".
This was wrong because it created an invalid URL.

It seems that you cannot rewrite an invalid URL with nginx on OPNsense, so it could never work.
I changed the DevOps webhook URL to "/generic-webhook-trigger/invoke/token/mytoken".

The problem here is that Jenkins accepts this format: http://JENKINS_URL/generic-webhook-trigger/invoke?token=TOKEN_HERE
So I still had to rewrite the now valid URL from the DevOps webhook.
I used the following in nginx on OPNsense:
location:
   URL pattern: /generic-webhook-trigger/invoke
   URL rewriting: MyRule

URL Rewriting:
   Description: Myrule
   Original URL Pattern: ^/generic-webhook-trigger/invoke/token/([^/]+)/git/notifyCommit$
   New URL Pattern: /generic-webhook-trigger/invoke?token=$1
   Flag: stop processing rules

Now the pipeline in Jenkins gets triggered when committing a change to my Azure DevOps branch.
It still needs a bit of tweaking, but at least I got it working.
#2
I'm passing a webhook request from Azure DevOps to my local Jenkins. It passes through nginx on OPNsense.
I read it does not give any clear message when the definition is invalid.
This is part of the request URL: "/generic-webhook-trigger/invoke?token=mytoken/git/notifyCommit?url..."
The webhook URL definition on DevOps is "/generic-webhook-trigger/invoke?token=mytoken", but it also adds "/git/notifyCommit?url..." which creates an invalid URL.
So I'm trying to remove "/git/notifyCommit?" from the URL and replace it with "&".
But whatever I try to define as a URL rewriting rule (and add to the location), it does nothing and passes the original URL.

Do you have any suggestions on the used parameters for the URL rewriting rule?

Additionally, I've also looked at the nginx.config and it validated with the following test:
location = /git/notifyCommit {
    rewrite ^/git/notifyCommit?$ /somePage break;
}

But it still did not rewrite the URL at all.
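The two posts above (#1 and #2) describe the same problem from both ends: the DevOps service hook appends "/git/notifyCommit?url=..." to the configured webhook URL, and nginx on OPNsense then has to turn the path-style token back into the query-string form Jenkins expects. The following script is an added example, not code from the forum posts, from OPNsense or from nginx. It emulates the rewrite rule from post #1 against the request targets both posts describe, assuming (as post #2 shows) that DevOps appends the suffix verbatim, and following nginx's documented rule that original request arguments are appended with "&" after a replacement that carries its own query string. The repository URL is a constructed sample.

```python
"""Emulate the nginx URL rewrite described in posts #1 and #2.

Added example; this is not code from the forum posts, from OPNsense or from
nginx.  It reproduces two behaviours the posts depend on:

  * Azure DevOps appends "/git/notifyCommit?url=<repo>" verbatim to the
    configured webhook URL, so a configured URL that already carries a query
    string ends up with two '?' characters (an invalid request target).
  * An nginx `rewrite` directive matches its regex against the request URI
    only (never the query string), and when the replacement introduces its
    own query string the original request arguments are appended after it
    with '&' (unless the replacement ends with '?').

The repository URL below is a constructed sample, not one from the posts.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Rule from post #1 (the OPNsense GUI fields correspond to an nginx rewrite
# directive with this regex and replacement).
ORIGINAL_PATTERN = r"^/generic-webhook-trigger/invoke/token/([^/]+)/git/notifyCommit$"
NEW_PATTERN = "/generic-webhook-trigger/invoke?token=$1"

# Constructed sample repository URL (not from the posts).
SAMPLE_REPO_URL = "https://dev.azure.com/example-org/example-project/_git/example-repo"


def devops_request_target(configured_url: str, repo_url: str = SAMPLE_REPO_URL) -> str:
    """Build the request target the DevOps service hook sends: the configured
    URL with '/git/notifyCommit?url=<repo>' appended as-is (as post #2 shows)."""
    return f"{configured_url}/git/notifyCommit?url={repo_url}"


def is_valid_target(target: str) -> bool:
    """A request target has at most one '?' separating path from query."""
    return target.count("?") <= 1


def nginx_rewrite(target: str, pattern: str, replacement: str) -> str:
    """Emulate `rewrite <pattern> <replacement>;` for one request target.

    The regex sees only the path; nginx captures ($1..$9) are translated to
    Python back-references.  Query handling follows nginx's documented rule:
    a replacement that carries its own '?' gets the old arguments appended
    with '&'; a trailing '?' on the replacement drops them instead.
    """
    path, _, args = target.partition("?")
    match = re.search(pattern, path)
    if not match:
        return target  # no match: the request passes through unchanged
    template = re.sub(r"\$(\d)", r"\\\1", replacement)  # "$1" -> "\1"
    new = match.expand(template)
    if new.endswith("?"):
        return new[:-1]  # explicit trailing '?': discard original arguments
    if not args:
        return new
    return f"{new}&{args}" if "?" in new else f"{new}?{args}"


def jenkins_sees(configured_url: str) -> dict:
    """Return what reaches Jenkins for a given DevOps webhook URL after the
    rule above: validity, the final request target, path and parsed token."""
    target = devops_request_target(configured_url)
    if not is_valid_target(target):
        # A target with two '?' is not something nginx can repair (post #1).
        return {"valid": False, "target": target, "path": None, "token": None}
    rewritten = nginx_rewrite(target, ORIGINAL_PATTERN, NEW_PATTERN)
    parts = urlsplit(rewritten)
    query = parse_qs(parts.query)
    return {
        "valid": True,
        "target": rewritten,
        "path": parts.path,
        "token": query.get("token", [None])[0],
    }


if __name__ == "__main__":
    for url in ("/generic-webhook-trigger/invoke?token=mytoken",   # post #2 attempt
                "/generic-webhook-trigger/invoke/token/mytoken"):  # post #1 fix
        print(url, "->", jenkins_sees(url))
```

Two things the emulation makes visible: the first webhook URL fails before nginx can do anything, because the appended suffix produces a second "?"; and with the path-style URL the rewritten target still carries "url=..." after the token, because nginx appends the original arguments rather than discarding them. Note also that the token travels in the request line in both forms, so it will appear in the nginx and Jenkins access logs unless those are configured not to log query strings.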
#3
Latest update 24.7_9 seems to have resolved all my known GUI and timeout issues.
Thanks guys.
#4
Wish I could do even that. Thought I could start with zero widgets, but saving the dashboard settings doesn't even work. Also the traffic graph widget cannot be closed. Furthermore the selection menu runs underneath the "Add Widget" page.
#5
I was looking forward to a new dashboard after upgrading to 24.7, but it's still a bit disappointing.
As the attached picture shows, some of the widgets do not work (yet).
"System Information" sometimes shows after a page refresh, but after a short while it shows "failed" again.
Are these known issues for all of the failing widgets?

Hope we get a hotfix soon.
#6
I'm using several VLANs that each have access to the internet, their own VLAN and DNS on LAN, but nothing else on the network. See GUEST VLAN.jpg.
I think this looks fine.
My problem is with the camera network, which I also don't want to give internet access.
Despite trying all kinds of rules, I did not get a good result at first.
Except when adding the blocking rule on top of the others, as shown in CAM VLAN.jpg.

What can I say, it works, but I have the feeling it's a bit of a novice solution.
The DNS access can also be made obsolete, I gather.

Can you help me, or show me your solutions for this problem?
Thanks.
#7
Thanks for your reply.

It wasn't exactly what I was searching for.
For this challenge there are a few services working together, like OPNsense, Let's Encrypt and TrueNAS.
But I took it in another "easier" direction.
My doubt was whether it would be possible to use ACME on TrueNAS and on OPNsense at the same time, creating the same wildcard certificate. It seems this is supported.
So now I simply create the certificate as usual on OPNsense and have configured the same on TrueNAS.

Problem solved.
#8
Does anyone know if it's possible to upload a certificate from ACME with automation to TrueNAS SCALE?
Maybe it is in development, but I can't find anything about it.
It's a wildcard certificate from Let's Encrypt that I'm using for Synology and also want to use for my TrueNAS SCALE.
Or is it possible the other way around, to use nginx or traefik on TrueNAS and get it from OPNsense/ACME?
Or is it all too complex, and should I simply use a different certificate on my TrueNAS SCALE?
I rely quite a bit on the GUI and am not too familiar with Linux commands at all.

Does anyone have experience with this?
#9
The only thing that's disappointing to me is when using the color scheme "os-theme-rebellion". The details page is barely readable.
#10
I think this is a shot in the dark, but I think that my OPNsense is blocking login.microsoftonline.com.
It's OPNsense or the way it is configured, because when I make a Wi-Fi connection through a hotspot on my phone, the sign-in validates immediately.
Also from another PC connected to my private network, I cannot sign in from Visual Studio.
Through Fiddler I see that the Visual Studio sign-in goes to login.microsoftonline.com but doesn't get an answer.
I've disabled ClamAV (I think unrelated), Intrusion Detection and Unbound DNS (blocklist), without success.
But I still have no clue how I can see whether the Visual Studio sign-in passes or is blocked.

Is there a way to pass this URL through to see if it's caused by OPNsense? Or is there a good monitoring tool that can help me?
#11
Sorry about this, I had to access it with domain:8443 instead of 1443.

What I did notice is that the following plugins were reported as missing:

os-acme-client (missing)   3.13   700KiB   OPNsense   ACME Client   
os-clamav (missing)   1.7_1   47.5KiB   OPNsense   Antivirus engine for detecting malicious threats   
os-intrusion-detection-content-et-open (missing)   1.0.1   1.53KiB   OPNsense   IDS Proofpoint ET open ruleset complementary subset for ET Pro Telemetry edition   
os-iperf (missing)   1.0_1   24.6KiB   OPNsense   Connection speed tester   
os-nginx (missing)   1.29   911KiB   OPNsense   Nginx HTTP server and reverse proxy   
os-theme-rebellion (missing)   1.8.8   5.20MiB   OPNsense   A suitably dark theme
#12
After a sudden crash of OPNsense 22.7.2 it no longer booted.
Because I don't know much about Linux and FreeBSD, the only solution I could think of was to reinstall and restore the settings.
After the initial install I could reach 192.168.1.1 directly from my laptop, and was able to restore the latest backup from the explorer. After that the internet worked again, restoring my IP range to 192.168.178.x. DNS and DHCP also worked again after the restore (as they should).

The problem now is that I can't access OPNsense any more through http://192.168.178.1/index.php or https://192.168.178.1:1443/index.php.

Is there any way to configure some rule or setting, via the console, to access my OPNsense again from my laptop?
#13
Thanks franco and cookiemonster,

Nothing found yet.
I ran both commands before changing anything and after. No errors found.
I feel a bit foolish, because now the issue doesn't happen (version OPNsense 22.1.10-amd64 from last night), whatever I try.
Still, I'm not convinced that it won't happen after OPNsense has run for a while.
I will keep you updated.



#14
Hi Eric,

OPNsense's connection with Ziggo is now very stable.
My settings are:
Basic configuration:
Enable: Yes

Generic configuration:
Block private networks: Yes
Block bogon networks: Yes
IPv4 Configuration Type: DHCP
IPv6 Configuration Type: DHCPV6
Speed and duplex: Default

DHCP client configuration:
Configuration Mode: Basic
Override MTU: Yes

DHCPv6 client configuration:
Configuration Mode: Basic
Request only an IPv6 prefix: Yes
Prefix delegation size: 56
Send IPv6 prefix hint: Yes
Use VLAN priority: Disabled
#15
Every time I modify some Unbound DNS setting, but mostly Overrides, the service does not restart.
It does stop running after the settings are saved.
Also trying to do a manual start does not work. It halts for a few seconds showing it wants to start, but nothing happens.
Only after a reboot is the service up and running again.


Does anyone have an explanation for this behavior? Can it be resolved, or where can I find any logging on why the service does not restart?

Thanks.